Re: Simultaneous VPN connections


 



On Tue, 4 Mar 2003, Bailey Kong wrote:

> Host1 ---------> Iptables/GW ------> Router ------> INET -----> VPN Server
> (192.168.1.10)   SNAT                NO NAT
>                                        ^
>                                        |
> Host2 ---------------------------------|
> (INET IP different from the one Iptables/GW uses)
>
> This is how we are able to get 2 connections to the VPN Server, now the
> people that set up the VPN Server claim that there aren't any limits like 1
> connection per IP or anything like that, I'm also wondering, if you ever
> could make more than 1 connection to a VPN Server from the same IP. I'm
> not very familiar with VPNs.

You are right, at least one NAT gateway should take care of the call ID
numbers the clients assign themselves.  These numbers are rewritten by
iptables so that when replies come back from the PPTP server, iptables
will be able to demultiplex the data among the clients.

Likewise, the PPTP server itself should better take care of assigning
unique call ID numbers to every incoming call.  The server then passes its
call ID number to the client over TCP.  Now multiple clients with the same
source IP address will be demultiplexed by the PPTP server thanks to the
peer (destination) call ID field of the GRE header.

Check this out as well:

http://sourceforge.net/docman/display_doc.php?docid=14460&group_id=44827

--
Ilguiz Latypov
Net Integration Technologies, Inc

tel. +1 (514) 281 9191 x 117
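
The call ID demultiplexing described in the message above, as an added example that is not part of the original post and is not netfilter's code: a simplified model of a NAT gateway that rewrites each client's call ID and uses the call ID field of the enhanced GRE header (layout per RFC 2637) to route replies. The `PptpNat` class, the addresses and the call ID values are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type used by PPTP's enhanced GRE

def build_gre(call_id, seq, payload):
    """Enhanced GRE header: K and S bits set (0x30), version 1."""
    return struct.pack("!BBHHHI", 0x30, 0x01, GRE_PROTO_PPP,
                       len(payload), call_id, seq) + payload

def parse_call_id(pkt):
    """Return the peer call ID carried in the low half of the GRE key."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, ver, proto, _plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if ver & 0x07 != 1 or proto != GRE_PROTO_PPP or not flags & 0x20:
        raise ValueError("not a PPTP enhanced GRE packet")
    return call_id

def rewrite_call_id(pkt, new_id):
    return pkt[:6] + struct.pack("!H", new_id) + pkt[8:]

class PptpNat:
    """Hypothetical model of the gateway's call ID table (no ID wrap-around)."""
    def __init__(self):
        self.next_id = 1
        self.by_public = {}  # (server_ip, public_id) -> (client_ip, client_id)

    def outgoing_call(self, client_ip, client_call_id, server_ip):
        """Client announces its call ID over TCP; return the rewritten ID."""
        public_id, self.next_id = self.next_id, self.next_id + 1
        self.by_public[(server_ip, public_id)] = (client_ip, client_call_id)
        return public_id

    def inbound_gre(self, server_ip, pkt):
        """Server-to-client GRE carries the (rewritten) client call ID."""
        entry = self.by_public.get((server_ip, parse_call_id(pkt)))
        if entry is None:
            return None  # no matching call: drop
        client_ip, client_call_id = entry
        return client_ip, rewrite_call_id(pkt, client_call_id)

def demo():
    nat, server = PptpNat(), "203.0.113.5"
    # Constructed case: both inside hosts picked the same call ID, 7.
    id_a = nat.outgoing_call("192.168.1.10", 7, server)
    id_b = nat.outgoing_call("192.168.1.11", 7, server)
    return id_a, id_b, nat.inbound_gre(server, build_gre(id_b, 1, b"ppp-for-b"))

if __name__ == "__main__":
    print(demo())
```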




